General
-
Target
a5ba43f8250818fccdbf60c47cebf28e7f001b6fc34af87628c7f545368e68f5N.exe
-
Size
90KB
-
Sample
241127-g1gkls1pay
-
MD5
6d18c3df2e5ac53315677fb060bc7660
-
SHA1
c8ffc5149362a8d03f4bfb35f5e64c980f35c0da
-
SHA256
a5ba43f8250818fccdbf60c47cebf28e7f001b6fc34af87628c7f545368e68f5
-
SHA512
c7ab3a6bcab9952a4d70d2d12c941a51b311b31ffd72ce55cf4e26268a128a43ebc4bdad696f20b0be00273e07a44f9d620393a4d46487df0e4c4ad7ed325ff9
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDs:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3q
Malware Config
Targets
-
-
Target
a5ba43f8250818fccdbf60c47cebf28e7f001b6fc34af87628c7f545368e68f5N.exe
-
Size
90KB
-
MD5
6d18c3df2e5ac53315677fb060bc7660
-
SHA1
c8ffc5149362a8d03f4bfb35f5e64c980f35c0da
-
SHA256
a5ba43f8250818fccdbf60c47cebf28e7f001b6fc34af87628c7f545368e68f5
-
SHA512
c7ab3a6bcab9952a4d70d2d12c941a51b311b31ffd72ce55cf4e26268a128a43ebc4bdad696f20b0be00273e07a44f9d620393a4d46487df0e4c4ad7ed325ff9
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDs:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3q
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-